[Dagger2]

Of course you can say the same for v6. Blocking connections that go from WAN to LAN by default has the same effect on both protocol families. If you assume that having the appropriate firewall rule to do that is the default then inbound connections will also be blocked on v6 by default.

NAT contributes nothing to your security in this scenario, and instead makes it harder (not easier) to understand and reason about what your router is doing.

[mittensc]

> If you assume that having the appropriate firewall rule to do that is the default

That's the thing, it's not the default, default is public ipv6 for everyone and its the users duty to configure firewall...

I could definitely set this up easily, someone like my parents or friends would ask me 'what's IPv6?'

[Dagger2]

Ah, okay. In that case v4 doesn't have a firewall by default either.

That's precisely why routers come configured with a firewall that blocks inbound connections from the WAN -- because the protocol itself doesn't have a firewall by default, and neither does NAT.